History: Nov 03, 2022 - 8:15 p.m.

CVE-2021-44862

2022-11-03 20:15:24
CWE-532
web.nvd.nist.gov
Tags: netskope, client, vulnerability, unauthorized access, sensitive information, logs, data, impersonation

CVSS3: 8.4 High

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.2 High (Confidence: High)

EPSS: 0.0004 Low (Percentile: 5.1%)

Netskope client is impacted by a vulnerability where an authenticated, local attacker can view sensitive information stored in NSClient logs which should be restricted. The vulnerability exists because the sensitive information is not masked/scrubbed before writing in the logs. A malicious user can use the sensitive information to download data and impersonate another user.

Affected configurations

NVD
Node: netskope netskope, Range: 91

CPE: netskope:netskope
Name: netskope
Operator: le
Version: 91

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "NSClient",
    "vendor": "Netskope",
    "versions": [
      {
        "status": "affected",
        "version": "91.0 and Prior"
      }
    ]
  }
]
